[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.075293] random: sshd: uninitialized urandom read (32 bytes read) [ 30.415979] audit: type=1400 audit(1536305868.204:6): avc: denied { map } for pid=4820 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 30.456519] random: sshd: uninitialized urandom read (32 bytes read) [ 31.020223] random: sshd: uninitialized urandom read (32 bytes read) [ 31.214925] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. [ 36.904695] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 37.014780] audit: type=1400 audit(1536305874.802:7): avc: denied { map } for pid=4834 comm="syz-executor275" path="/root/syz-executor275158058" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 37.018499] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 37.068266] ================================================================== [ 37.078368] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0 [ 37.084886] Read of size 8 at addr ffff8801c69b0058 by task syz-executor275/4834 [ 37.092532] [ 37.094266] CPU: 1 PID: 4834 Comm: syz-executor275 Not tainted 4.19.0-rc2+ #4 [ 37.101528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.110976] Call Trace: [ 37.113816] dump_stack+0x1c9/0x2b4 [ 37.117560] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.123075] ? printk+0xa7/0xcf [ 37.126470] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.131223] ? __schedule+0xf54/0x1df0 [ 37.135111] print_address_description+0x6c/0x20b [ 37.139951] ? __schedule+0xf54/0x1df0 [ 37.143835] kasan_report.cold.7+0x242/0x30d [ 37.148244] __asan_report_load8_noabort+0x14/0x20 [ 37.153173] __schedule+0xf54/0x1df0 [ 37.156888] ? __sched_text_start+0x8/0x8 [ 37.161030] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 37.166132] ? __call_srcu+0x7e7/0x1040 [ 37.170113] ? check_same_owner+0x340/0x340 [ 37.174430] ? mark_held_locks+0x160/0x160 [ 37.178657] ? find_held_lock+0x36/0x1c0 [ 37.182716] preempt_schedule_common+0x22/0x60 [ 37.187296] _cond_resched+0x1d/0x30 [ 37.191009] wait_for_completion+0xa5/0x8d0 [ 37.195330] ? wait_for_completion_interruptible+0x950/0x950 [ 37.201123] ? __lockdep_init_map+0x105/0x590 [ 37.205613] ? __init_waitqueue_head+0x9e/0x150 [ 37.210284] ? init_wait_entry+0x1c0/0x1c0 [ 37.214523] __synchronize_srcu+0x189/0x240 [ 37.218841] ? call_srcu+0x10/0x10 [ 37.222384] ? rcu_unexpedite_gp+0x20/0x20 [ 37.226636] synchronize_srcu+0x335/0x56f [ 37.230790] ? lock_downgrade+0x8f0/0x8f0 [ 37.234944] ? synchronize_srcu_expedited+0x20/0x20 [ 37.239961] ? kasan_check_read+0x11/0x20 [ 37.244112] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 37.248692] ? kasan_check_write+0x14/0x20 [ 37.252929] ? do_raw_spin_lock+0xc1/0x200 [ 37.257168] kvm_page_track_unregister_notifier+0x17d/0x250 [ 37.262885] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 37.268335] ? kvfree+0x61/0x70 [ 37.271613] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.276632] kvm_mmu_uninit_vm+0x1c/0x20 [ 37.280688] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 37.285098] ? kvm_arch_sync_events+0x30/0x30 [ 37.289598] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.295138] ? mmu_notifier_unregister+0x474/0x600 [ 37.300062] ? trace_hardirqs_on+0x2c0/0x2c0 [ 37.304466] ? kfree+0x111/0x210 [ 37.307836] ? __mmu_notifier_register+0x30/0x30 [ 37.312596] ? __free_pages+0x10a/0x190 [ 37.316571] ? free_unref_page+0x930/0x930 [ 37.320837] kvm_put_kvm+0x73f/0x1060 [ 37.324643] ? kvm_write_guest_cached+0x40/0x40 [ 37.329314] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.333811] ? _raw_spin_unlock_irq+0x27/0x70 [ 37.338307] ? lockdep_hardirqs_on+0x421/0x5c0 [ 37.342891] ? kasan_check_write+0x14/0x20 [ 37.347119] ? do_raw_spin_lock+0xc1/0x200 [ 37.351352] ? kvm_irqfd_release+0xdd/0x120 [ 37.355667] ? kvm_irqfd_release+0xdd/0x120 [ 37.359987] ? kvm_put_kvm+0x1060/0x1060 [ 37.364044] kvm_vm_release+0x42/0x50 [ 37.367841] __fput+0x38a/0xa40 [ 37.371120] ? __alloc_file+0x400/0x400 [ 37.375096] ? check_same_owner+0x340/0x340 [ 37.379417] ? kasan_check_write+0x14/0x20 [ 37.383660] ? do_raw_spin_lock+0xc1/0x200 [ 37.387913] ____fput+0x15/0x20 [ 37.391190] task_work_run+0x1e8/0x2a0 [ 37.395073] ? task_work_cancel+0x240/0x240 [ 37.399394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 37.404951] ? switch_task_namespaces+0xa2/0xd0 [ 37.409632] do_exit+0x1ae4/0x26e0 [ 37.413195] ? mm_update_next_owner+0x9a0/0x9a0 [ 37.417878] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 37.422114] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.427125] ? kfree+0x1d7/0x210 [ 37.430492] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 37.434728] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.440441] ? avc_has_extended_perms+0xa97/0x15c0 [ 37.445366] ? kernel_text_address+0x9e/0xf0 [ 37.449774] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 37.454882] ? avc_ss_reset+0x190/0x190 [ 37.458894] ? save_stack+0xa9/0xd0 [ 37.462517] ? save_stack+0x43/0xd0 [ 37.466152] ? __kasan_slab_free+0x11a/0x170 [ 37.470570] ? kasan_slab_free+0xe/0x10 [ 37.474548] ? putname+0xf2/0x130 [ 37.478004] ? __x64_sys_openat+0x9d/0x100 [ 37.482235] ? do_syscall_64+0x1b9/0x820 [ 37.486296] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.491661] ? initcall_blacklisted+0x9a/0x1e0 [ 37.496243] ? rcu_note_context_switch+0x680/0x680 [ 37.501181] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 37.506886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.512419] ? do_vfs_ioctl+0x201/0x1720 [ 37.516478] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 37.521682] ? ioctl_preallocate+0x300/0x300 [ 37.526100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.531652] ? selinux_capable+0x40/0x40 [ 37.535713] ? path_pts+0x9f/0x1f0 [ 37.539256] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.544266] ? kmem_cache_free+0x246/0x280 [ 37.548495] ? putname+0xf7/0x130 [ 37.551965] do_group_exit+0x177/0x440 [ 37.555849] ? trace_hardirqs_on+0xbd/0x2c0 [ 37.560179] ? __ia32_sys_exit+0x50/0x50 [ 37.564237] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 37.569337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.574871] ? ksys_ioctl+0x81/0xd0 [ 37.578496] __x64_sys_exit_group+0x3e/0x50 [ 37.582821] do_syscall_64+0x1b9/0x820 [ 37.586710] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 37.592069] ? syscall_return_slowpath+0x5e0/0x5e0 [ 37.596999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.601853] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 37.606869] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 37.611888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 37.616906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.621750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.626933] RIP: 0033:0x43ef08 [ 37.630124] Code: Bad RIP value. [ 37.633481] RSP: 002b:00007fffb71100c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 37.641211] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 37.648497] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 37.655775] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 37.663055] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 37.670320] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 37.677591] [ 37.679209] Allocated by task 4834: [ 37.682837] save_stack+0x43/0xd0 [ 37.686283] kasan_kmalloc+0xc4/0xe0 [ 37.689992] kasan_slab_alloc+0x12/0x20 [ 37.693973] kmem_cache_alloc+0x12e/0x710 [ 37.698124] vmx_create_vcpu+0xcf/0x2830 [ 37.702180] kvm_arch_vcpu_create+0xe5/0x220 [ 37.706620] kvm_vm_ioctl+0x488/0x1d80 [ 37.710500] do_vfs_ioctl+0x1de/0x1720 [ 37.714383] ksys_ioctl+0xa9/0xd0 [ 37.717833] __x64_sys_ioctl+0x73/0xb0 [ 37.722023] do_syscall_64+0x1b9/0x820 [ 37.725910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.731084] [ 37.732703] Freed by task 4834: [ 37.735980] save_stack+0x43/0xd0 [ 37.739440] __kasan_slab_free+0x11a/0x170 [ 37.743685] kasan_slab_free+0xe/0x10 [ 37.747494] kmem_cache_free+0x86/0x280 [ 37.751466] vmx_free_vcpu+0x26b/0x300 [ 37.755347] kvm_arch_destroy_vm+0x365/0x7c0 [ 37.759751] kvm_put_kvm+0x73f/0x1060 [ 37.763548] kvm_vm_release+0x42/0x50 [ 37.767348] __fput+0x38a/0xa40 [ 37.770623] ____fput+0x15/0x20 [ 37.773892] task_work_run+0x1e8/0x2a0 [ 37.777772] do_exit+0x1ae4/0x26e0 [ 37.781326] do_group_exit+0x177/0x440 [ 37.785208] __x64_sys_exit_group+0x3e/0x50 [ 37.789522] do_syscall_64+0x1b9/0x820 [ 37.793408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 37.798582] [ 37.800222] The buggy address belongs to the object at ffff8801c69b0040 [ 37.800222] which belongs to the cache kvm_vcpu of size 23872 [ 37.812790] The buggy address is located 24 bytes inside of [ 37.812790] 23872-byte region [ffff8801c69b0040, ffff8801c69b5d80) [ 37.824751] The buggy address belongs to the page: [ 37.829671] page:ffffea00071a6c00 count:1 mapcount:0 mapping:ffff8801d4c4f900 index:0x0 compound_mapcount: 0 [ 37.839642] flags: 0x2fffc0000008100(slab|head) [ 37.844311] raw: 02fffc0000008100 ffff8801d4c4b348 ffff8801d4c4b348 ffff8801d4c4f900 [ 37.852187] raw: 0000000000000000 ffff8801c69b0040 0000000100000001 0000000000000000 [ 37.860054] page dumped because: kasan: bad access detected [ 37.865762] [ 37.867376] Memory state around the buggy address: [ 37.872295] ffff8801c69aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.879647] ffff8801c69aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.886999] >ffff8801c69b0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 37.894364] ^ [ 37.900593] ffff8801c69b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.907944] ffff8801c69b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.915805] ================================================================== [ 37.923157] Kernel panic - not syncing: panic_on_warn set ... [ 37.923157] [ 37.930536] CPU: 1 PID: 4834 Comm: syz-executor275 Tainted: G B 4.19.0-rc2+ #4 [ 37.939213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.948555] Call Trace: [ 37.951150] dump_stack+0x1c9/0x2b4 [ 37.954779] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.959988] ? lock_downgrade+0x8f0/0x8f0 [ 37.964132] ? __schedule+0xf54/0x1df0 [ 37.968015] panic+0x238/0x4e7 [ 37.971198] ? add_taint.cold.5+0x16/0x16 [ 37.975343] ? print_shadow_for_address+0xba/0x116 [ 37.980267] ? trace_hardirqs_off+0xaf/0x2c0 [ 37.984671] ? trace_hardirqs_off+0x77/0x2c0 [ 37.989090] ? __schedule+0xf54/0x1df0 [ 37.992975] kasan_end_report+0x47/0x4f [ 37.996948] kasan_report.cold.7+0x76/0x30d [ 38.001270] __asan_report_load8_noabort+0x14/0x20 [ 38.006197] __schedule+0xf54/0x1df0 [ 38.009916] ? __sched_text_start+0x8/0x8 [ 38.014065] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 38.019168] ? __call_srcu+0x7e7/0x1040 [ 38.023147] ? check_same_owner+0x340/0x340 [ 38.027463] ? mark_held_locks+0x160/0x160 [ 38.031691] ? find_held_lock+0x36/0x1c0 [ 38.035753] preempt_schedule_common+0x22/0x60 [ 38.040338] _cond_resched+0x1d/0x30 [ 38.044047] wait_for_completion+0xa5/0x8d0 [ 38.048394] ? wait_for_completion_interruptible+0x950/0x950 [ 38.054188] ? __lockdep_init_map+0x105/0x590 [ 38.058683] ? __init_waitqueue_head+0x9e/0x150 [ 38.063346] ? init_wait_entry+0x1c0/0x1c0 [ 38.067612] __synchronize_srcu+0x189/0x240 [ 38.071941] ? call_srcu+0x10/0x10 [ 38.075493] ? rcu_unexpedite_gp+0x20/0x20 [ 38.079732] synchronize_srcu+0x335/0x56f [ 38.083886] ? lock_downgrade+0x8f0/0x8f0 [ 38.088031] ? synchronize_srcu_expedited+0x20/0x20 [ 38.093047] ? kasan_check_read+0x11/0x20 [ 38.097195] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.101776] ? kasan_check_write+0x14/0x20 [ 38.106016] ? do_raw_spin_lock+0xc1/0x200 [ 38.110254] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.115963] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.121419] ? kvfree+0x61/0x70 [ 38.124705] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.129732] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.133788] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.138207] ? kvm_arch_sync_events+0x30/0x30 [ 38.142705] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.148254] ? mmu_notifier_unregister+0x474/0x600 [ 38.153176] ? trace_hardirqs_on+0x2c0/0x2c0 [ 38.157581] ? kfree+0x111/0x210 [ 38.160947] ? __mmu_notifier_register+0x30/0x30 [ 38.165725] ? __free_pages+0x10a/0x190 [ 38.169695] ? free_unref_page+0x930/0x930 [ 38.173934] kvm_put_kvm+0x73f/0x1060 [ 38.177763] ? kvm_write_guest_cached+0x40/0x40 [ 38.182433] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.186927] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.191431] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.196035] ? kasan_check_write+0x14/0x20 [ 38.200267] ? do_raw_spin_lock+0xc1/0x200 [ 38.204502] ? kvm_irqfd_release+0xdd/0x120 [ 38.208823] ? kvm_irqfd_release+0xdd/0x120 [ 38.213145] ? kvm_put_kvm+0x1060/0x1060 [ 38.217206] kvm_vm_release+0x42/0x50 [ 38.221005] __fput+0x38a/0xa40 [ 38.224285] ? __alloc_file+0x400/0x400 [ 38.228261] ? check_same_owner+0x340/0x340 [ 38.232587] ? kasan_check_write+0x14/0x20 [ 38.236837] ? do_raw_spin_lock+0xc1/0x200 [ 38.241068] ____fput+0x15/0x20 [ 38.244343] task_work_run+0x1e8/0x2a0 [ 38.248235] ? task_work_cancel+0x240/0x240 [ 38.252566] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.258104] ? switch_task_namespaces+0xa2/0xd0 [ 38.262769] do_exit+0x1ae4/0x26e0 [ 38.266323] ? mm_update_next_owner+0x9a0/0x9a0 [ 38.270994] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 38.275229] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.280243] ? kfree+0x1d7/0x210 [ 38.283618] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 38.287852] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 38.293598] ? avc_has_extended_perms+0xa97/0x15c0 [ 38.298529] ? kernel_text_address+0x9e/0xf0 [ 38.302938] ? ptrace_set_breakpoint_addr+0xbb/0x380 [ 38.308064] ? avc_ss_reset+0x190/0x190 [ 38.312042] ? save_stack+0xa9/0xd0 [ 38.315665] ? save_stack+0x43/0xd0 [ 38.319288] ? __kasan_slab_free+0x11a/0x170 [ 38.323691] ? kasan_slab_free+0xe/0x10 [ 38.327658] ? putname+0xf2/0x130 [ 38.331108] ? __x64_sys_openat+0x9d/0x100 [ 38.335341] ? do_syscall_64+0x1b9/0x820 [ 38.339401] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.344780] ? initcall_blacklisted+0x9a/0x1e0 [ 38.349371] ? rcu_note_context_switch+0x680/0x680 [ 38.354302] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 38.360010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.365546] ? do_vfs_ioctl+0x201/0x1720 [ 38.369622] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 38.374827] ? ioctl_preallocate+0x300/0x300 [ 38.379241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.384775] ? selinux_capable+0x40/0x40 [ 38.388845] ? path_pts+0x9f/0x1f0 [ 38.392385] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.397396] ? kmem_cache_free+0x246/0x280 [ 38.401626] ? putname+0xf7/0x130 [ 38.405082] do_group_exit+0x177/0x440 [ 38.408971] ? trace_hardirqs_on+0xbd/0x2c0 [ 38.413287] ? __ia32_sys_exit+0x50/0x50 [ 38.417344] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 38.422455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.427987] ? ksys_ioctl+0x81/0xd0 [ 38.431612] __x64_sys_exit_group+0x3e/0x50 [ 38.435935] do_syscall_64+0x1b9/0x820 [ 38.439825] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.445190] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.450117] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.454957] ? trace_hardirqs_on_caller+0x2c0/0x2c0 [ 38.459969] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.464985] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.470001] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.474854] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.480042] RIP: 0033:0x43ef08 [ 38.483230] Code: Bad RIP value. [ 38.486588] RSP: 002b:00007fffb71100c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 38.494297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ef08 [ 38.501561] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 38.508828] RBP: 00000000004be7c8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 38.516091] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001 [ 38.523353] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000 [ 38.530630] [ 38.530635] ====================================================== [ 38.530652] WARNING: possible circular locking dependency detected [ 38.530656] 4.19.0-rc2+ #4 Not tainted [ 38.530661] ------------------------------------------------------ [ 38.530666] syz-executor275/4834 is trying to acquire lock: [ 38.530669] 00000000c289dbbb ((console_sem).lock){-...}, at: down_trylock+0x13/0x70 [ 38.530683] [ 38.530687] but task is already holding lock: [ 38.530690] 0000000017595e00 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 38.530704] [ 38.530709] which lock already depends on the new lock. [ 38.530711] [ 38.530713] [ 38.530718] the existing dependency chain (in reverse order) is: [ 38.530720] [ 38.530723] -> #3 (report_lock){....}: [ 38.530737] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.530740] kasan_report+0x8e/0x110 [ 38.530745] __asan_report_load8_noabort+0x14/0x20 [ 38.530748] __schedule+0xf54/0x1df0 [ 38.530753] preempt_schedule_common+0x22/0x60 [ 38.530756] _cond_resched+0x1d/0x30 [ 38.530760] wait_for_completion+0xa5/0x8d0 [ 38.530764] __synchronize_srcu+0x189/0x240 [ 38.530768] synchronize_srcu+0x335/0x56f [ 38.530773] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.530777] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.530781] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.530785] kvm_put_kvm+0x73f/0x1060 [ 38.530789] kvm_vm_release+0x42/0x50 [ 38.530792] __fput+0x38a/0xa40 [ 38.530804] ____fput+0x15/0x20 [ 38.530808] task_work_run+0x1e8/0x2a0 [ 38.530811] do_exit+0x1ae4/0x26e0 [ 38.530815] do_group_exit+0x177/0x440 [ 38.530819] __x64_sys_exit_group+0x3e/0x50 [ 38.530823] do_syscall_64+0x1b9/0x820 [ 38.530828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.530830] [ 38.530832] -> #2 (&rq->lock){-.-.}: [ 38.530846] _raw_spin_lock+0x2a/0x40 [ 38.530850] task_fork_fair+0x93/0x680 [ 38.530853] sched_fork+0x44b/0xbd0 [ 38.530857] copy_process+0x235e/0x7af0 [ 38.530861] _do_fork+0x1ca/0x1170 [ 38.530864] kernel_thread+0x34/0x40 [ 38.530868] rest_init+0x22/0xe4 [ 38.530872] start_kernel+0x913/0x94e [ 38.530876] x86_64_start_reservations+0x29/0x2b [ 38.530880] x86_64_start_kernel+0x76/0x79 [ 38.530884] secondary_startup_64+0xa4/0xb0 [ 38.530886] [ 38.530888] -> #1 (&p->pi_lock){-.-.}: [ 38.530903] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.530906] try_to_wake_up+0xd2/0x1250 [ 38.530910] wake_up_process+0x10/0x20 [ 38.530914] __up.isra.1+0x1c0/0x2a0 [ 38.530917] up+0x13c/0x1c0 [ 38.530934] __up_console_sem+0xbe/0x1b0 [ 38.530938] console_unlock+0x506/0x10e0 [ 38.530955] vprintk_emit+0x33a/0x910 [ 38.530958] vprintk_default+0x28/0x30 [ 38.530962] vprintk_func+0x7a/0x117 [ 38.530965] printk+0xa7/0xcf [ 38.530968] load_umh+0x51/0xbd [ 38.530984] do_one_initcall+0x127/0x838 [ 38.530988] kernel_init_freeable+0x4bb/0x5ae [ 38.531004] kernel_init+0x11/0x1b3 [ 38.531007] ret_from_fork+0x3a/0x50 [ 38.531010] [ 38.531012] -> #0 ((console_sem).lock){-...}: [ 38.531026] lock_acquire+0x1e4/0x4f0 [ 38.531030] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.531034] down_trylock+0x13/0x70 [ 38.531038] __down_trylock_console_sem+0xae/0x200 [ 38.531042] console_trylock+0x15/0xa0 [ 38.531045] vprintk_emit+0x31f/0x910 [ 38.531049] vprintk_default+0x28/0x30 [ 38.531053] vprintk_func+0x7a/0x117 [ 38.531056] printk+0xa7/0xcf [ 38.531060] kasan_report+0x9e/0x110 [ 38.531064] __asan_report_load8_noabort+0x14/0x20 [ 38.531068] __schedule+0xf54/0x1df0 [ 38.531072] preempt_schedule_common+0x22/0x60 [ 38.531076] _cond_resched+0x1d/0x30 [ 38.531081] wait_for_completion+0xa5/0x8d0 [ 38.531085] __synchronize_srcu+0x189/0x240 [ 38.531089] synchronize_srcu+0x335/0x56f [ 38.531093] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.531097] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.531101] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.531105] kvm_put_kvm+0x73f/0x1060 [ 38.531109] kvm_vm_release+0x42/0x50 [ 38.531112] __fput+0x38a/0xa40 [ 38.531116] ____fput+0x15/0x20 [ 38.531119] task_work_run+0x1e8/0x2a0 [ 38.531123] do_exit+0x1ae4/0x26e0 [ 38.531127] do_group_exit+0x177/0x440 [ 38.531131] __x64_sys_exit_group+0x3e/0x50 [ 38.531134] do_syscall_64+0x1b9/0x820 [ 38.531139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.531141] [ 38.531145] other info that might help us debug this: [ 38.531148] [ 38.531151] Chain exists of: [ 38.531153] (console_sem).lock --> &rq->lock --> report_lock [ 38.531170] [ 38.531174] Possible unsafe locking scenario: [ 38.531176] [ 38.531180] CPU0 CPU1 [ 38.531184] ---- ---- [ 38.531187] lock(report_lock); [ 38.531196] lock(&rq->lock); [ 38.531205] lock(report_lock); [ 38.531213] lock((console_sem).lock); [ 38.531221] [ 38.531224] *** DEADLOCK *** [ 38.531226] [ 38.531230] 2 locks held by syz-executor275/4834: [ 38.531232] #0: 0000000067762199 (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0 [ 38.531249] #1: 0000000017595e00 (report_lock){....}, at: kasan_report+0x8e/0x110 [ 38.531265] [ 38.531268] stack backtrace: [ 38.531274] CPU: 1 PID: 4834 Comm: syz-executor275 Not tainted 4.19.0-rc2+ #4 [ 38.531281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.531284] Call Trace: [ 38.531287] dump_stack+0x1c9/0x2b4 [ 38.531292] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.531296] ? vprintk_func+0x100/0x117 [ 38.531300] print_circular_bug.isra.34.cold.55+0x1bd/0x27d [ 38.531304] ? save_trace+0xe0/0x290 [ 38.531308] __lock_acquire+0x3449/0x5020 [ 38.531312] ? mark_held_locks+0x160/0x160 [ 38.531316] ? mark_held_locks+0x160/0x160 [ 38.531320] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 38.531324] ? is_bpf_text_address+0xd7/0x170 [ 38.531328] ? kernel_text_address+0x79/0xf0 [ 38.531332] ? __kernel_text_address+0xd/0x40 [ 38.531336] ? __save_stack_trace+0x8d/0xf0 [ 38.531341] ? add_lock_to_list.isra.27+0x1ec/0x4b0 [ 38.531344] ? save_trace+0x290/0x290 [ 38.531348] ? save_stack_trace+0x1a/0x20 [ 38.531352] ? save_trace+0xe0/0x290 [ 38.531356] ? graph_lock+0x170/0x170 [ 38.531360] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.531364] lock_acquire+0x1e4/0x4f0 [ 38.531368] ? down_trylock+0x13/0x70 [ 38.531371] ? lock_release+0x9f0/0x9f0 [ 38.531375] ? trace_hardirqs_off+0xb8/0x2c0 [ 38.531380] ? trace_hardirqs_on+0x2c0/0x2c0 [ 38.531384] ? trace_hardirqs_off+0xb8/0x2c0 [ 38.531387] ? log_store+0x34f/0x4c0 [ 38.531391] ? vprintk_emit+0x31f/0x910 [ 38.531395] _raw_spin_lock_irqsave+0x96/0xc0 [ 38.531399] ? down_trylock+0x13/0x70 [ 38.531402] down_trylock+0x13/0x70 [ 38.531407] __down_trylock_console_sem+0xae/0x200 [ 38.531411] console_trylock+0x15/0xa0 [ 38.531414] vprintk_emit+0x31f/0x910 [ 38.531418] ? wake_up_klogd+0x110/0x110 [ 38.531422] ? run_rebalance_domains+0x4c0/0x4c0 [ 38.531439] ? kasan_check_read+0x11/0x20 [ 38.531443] ? rcu_is_watching+0x8c/0x150 [ 38.531447] ? rcu_pm_notify+0xc0/0xc0 [ 38.531451] ? lock_acquire+0x1e4/0x4f0 [ 38.531454] ? kasan_report+0x8e/0x110 [ 38.531474] ? __schedule+0xf54/0x1df0 [ 38.531477] vprintk_default+0x28/0x30 [ 38.531481] vprintk_func+0x7a/0x117 [ 38.531495] printk+0xa7/0xcf [ 38.531499] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 38.531514] ? kasan_check_write+0x14/0x20 [ 38.531517] ? do_raw_spin_lock+0xc1/0x200 [ 38.531521] ? do_raw_spin_lock+0xc1/0x200 [ 38.531524] kasan_report+0x9e/0x110 [ 38.531528] __asan_report_load8_noabort+0x14/0x20 [ 38.531531] __schedule+0xf54/0x1df0 [ 38.531534] ? __sched_text_start+0x8/0x8 [ 38.531538] ? _raw_spin_unlock_irqrestore+0xa1/0xc0 [ 38.531542] ? __call_srcu+0x7e7/0x1040 [ 38.531545] ? check_same_owner+0x340/0x340 [ 38.531548] ? mark_held_locks+0x160/0x160 [ 38.531552] ? find_held_lock+0x36/0x1c0 [ 38.531555] preempt_schedule_common+0x22/0x60 [ 38.531559] _cond_resched+0x1d/0x30 [ 38.531562] wait_for_completion+0xa5/0x8d0 [ 38.531566] ? wait_for_completion_interruptible+0x950/0x950 [ 38.531570] ? __lockdep_init_map+0x105/0x590 [ 38.531578] ? __init_waitqueue_head+0x9e/0x150 [ 38.531582] ? init_wait_entry+0x1c0/0x1c0 [ 38.531585] __synchronize_srcu+0x189/0x240 [ 38.531589] ? call_srcu+0x10/0x10 [ 38.531592] ? rcu_unexpedite_gp+0x20/0x20 [ 38.531595] synchronize_srcu+0x335/0x56f [ 38.531599] ? lock_downgrade+0x8f0/0x8f0 [ 38.531603] ? synchronize_srcu_expedited+0x20/0x20 [ 38.531606] ? kasan_check_read+0x11/0x20 [ 38.531610] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 38.531613] ? kasan_check_write+0x14/0x20 [ 38.531617] ? do_raw_spin_lock+0xc1/0x200 [ 38.531621] kvm_page_track_unregister_notifier+0x17d/0x250 [ 38.531625] ? kvm_slot_page_track_remove_page+0x70/0x70 [ 38.531640] ? kvfree+0x61/0x70 [ 38.531644] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.531647] kvm_mmu_uninit_vm+0x1c/0x20 [ 38.531651] kvm_arch_destroy_vm+0x5f2/0x7c0 [ 38.531655] ? kvm_arch_sync_events+0x30/0x30 [ 38.531659] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.531663] ? mmu_notifier_unregister+0x474/0x600 [ 38.531667] ? trace_hardirqs_on+0x2c0/0x2c0 [ 38.531670] ? kfree+0x111/0x210 [ 38.531674] ? __mmu_notifier_register+0x30/0x30 [ 38.531677] ? __free_pages+0x10a/0x190 [ 38.531681] ? free_unref_page+0x930/0x930 [ 38.531684] kvm_put_kvm+0x73f/0x1060 [ 38.531688] ? kvm_write_guest_cached+0x40/0x40 [ 38.531691] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.531695] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.531699] ? lockdep_hardirqs_on+0x421/0x5c0 [ 38.531702] ? kasan_check_write+0x14/0x20 [ 38.531706] ? do_raw_spin_lock+0xc1/0x200 [ 38.531710] ? kvm_irqfd_release+0xdd/0x120 [ 38.531713] ? kvm_irqfd_release+0xdd/0x120 [ 38.531717] ? kvm_put_kvm+0x1060/0x1060 [ 38.531720] kvm_vm_release+0x42/0x50 [ 38.531723] __fput+0x38a/0xa40 [ 38.531726] ? __alloc_file+0x400/0x400 [ 38.531730] ? check_same_owner+0x340/0x340 [ 38.531734] ? kasan_check_write+0x14/0x20 [ 38.531737] ? do_raw_spin_lock+0xc1/0x200 [ 38.531740] ____fput+0x15/0x20 [ 38.531744] task_work_run+0x1e8/0x2a0 [ 38.531747] ? task_work_cancel+0x240/0x240 [ 38.531751] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 38.531755] ? switch_task_namespaces+0xa2/0xd0 [ 38.531758] do_exit+0x1ae4/0x26e0 [ 38.531762] ? mm_update_next_owner+0x9a0/0x9a0 [ 38.531766] ? kvm_vcpu_ioctl+0x2b5/0x1280 [ 38.531770] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.531773] ? kfree+0x1d7/0x210 [ 38.531776] ? kvm_vcpu_ioctl+0x2ba/0x1280 [ 38.531781] ? kvm_uevent_notify_change.part.32+0x440/0x440 [ 38.531785] ? avc_has_extended_perms+0xa97/0x15c0 [ 38.531787] [ 38.531793] Lost 48 message(s)! [ 39.636323] Shutting down cpus with NMI [ 40.697140] Dumping ftrace buffer: [ 40.700665] (ftrace buffer empty) [ 40.704355] Kernel Offset: disabled [ 40.707961] Rebooting in 86400 seconds..